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Introduction 

hackers and other malicious Intruders. 
INTRODUCING SYGATE® PERSONAL F.REWALL ProTM 

you can «nd.o.ay to protect you. and yoo;™ll^^ 

Bi-Directional Defense 

As a bi-directional intrusion defense system Svaate P«r«« . ... 

your personal computer is proteSed f,?m eS/mT T'^*"*'' P^*> ensures 
simultaneously preventing unauthorized access frSTvn!? ' ^"^'"Pte while 

Personal Firewall Pro is a must-have selXT^^^^ 

connects to any network, especially the pubTc fntemS. ""^ ''^ °' ^^P-to^tt^t 

Any Location 

Kiddles. If ,ha, Isn, eno„gh?^yS:.%t?ro„.l Xw!m°^ ^^sSS 

Friendly and Configurable 

security. Sygate Personal Firewall Pr!^^„.?T®^^*'''®^^ co""^^^^ 
automatical^ .nstalls on your system and 

to go. with complete protection for all of your n^iwng nleds ready 

About this Document 

This document is an overview of the installation, dep^yment. and use of Sygate 
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Personal Firewall Pro, a Sygate® Technologies software. This document is written fora 
typical computer user. Questions regarding the content of this document can be emailed to 
documentation@sygate.com. 



Assumptions 

This guide assumes that the user is familiar with the basic functioning of Windows operating 
systems, and standard Windows items, such as buttons, menus, toolbars, windows, etc. 

Further, this guide assumes that the user has an Internet connection, whether through a 
private network, DSL connection, dial-up modem, or some other fomi of connection. 



Terms 



Depending on the kind of computing system that you use, you may conriect to the Internet 
through a local area network (LAN), DSL, dial-up modem, or any number of other methods. 
The term "network connection" is used to refer to all of these different connection methods. 



Conventions 



red, Helvetica 
bold font 

bold font 



courier 
gray 

italics 



product name and abbreviation (Sygate Personal 
Firewall Pro, SPF Pro) 

keyboard and on-screen keys, windows, screens, fields, pull- 
down lists, tabs 

all command lines entered in MSDOS 
security levels in Sygate Personal Firewall Pro 

used to emphasize important points 



Support 



Questions regarding the use of the product can be emailed to our support team through our 
web site at http://www.sygate.com, under the Support menu. 
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How Firewalls Work 

HowLtrVJr- ^ famijar With firewalls and the way they work, you can skip this section. 
However. If th SIS your first time using Sygate Personal Firewall Pro (oranvfirS 

rhrrw:i^^:~r^^^^ 

There are a number of ways in which you can protect your computer from potential intmders 

mJZT^ ^r'"''' °< best methods. nSs ^meTn 

different forms^Some are software applications, like Sygate Personal FirewaH Pri 

Others are hardware devfces. and some are a combinatioS of hardware and sXarel 

°* ""^^^^'"S information that flows into your computer 
The unfortunate truth is. in most cases, it isn't enough to merely look at incoming data Often 
firewalls arent aware that incoming data is bad until it has actually triggeredTp?oblSn. 

That is why Sygate Personal Firewall Pro takes a comorehensive aonmarh 
computer security. Sygate Personal Firewall Pro monLSSS ZmKo use 
b«^pH"!^t? aj»/yzesthe traffic for unusual attributes. res;^nTtS^the t^^^^^^^ 

based on the analysis, and reports the interactions in detailed log files. Flii ly ?ynate 
Pe sonal Firewall Pro offers links to Sygate® OnHne Sen^ices, whi^h «wsSL v^^^^^ 
flndsThem "^"'^ security 'a^^'b^S^^rJaSe 



Sygate Personal Firewall Pro is Your Elite Security 
Squad... 

^" "'S^!*^'""- Not just any club, but an expensive, exclusive club where the 
chemele is famous the chandeliers immense, and the dance ficor is imported Italian marble 

^outrln ^jS T f "P^r ^° ^""^ Studio 54 m?ets IplgrNofoJu; 

would you hire the best cooks, waiters, and bartenders available, but you would also h"e Sie 
best security possible, to ensure the safety of your guests and ciistomers. 

You would most likely keep burty. stem bouncers at every entrance, extensive securitv 
cameras throughout the building, and well-trained security guards to^SThrbulldiS 
.nterior. to protect your guests from possible harassment frorS univrted g^ ^ 

I1»hT^^ °* computer as an exclusive night club, but you should. It might not 

np^ IZTJ^T""'^"' with supermodels, but it contains all sorts of precious infZatio? 
files, and data that are constantly at risk from outside intmsion. Like a popular nightclub you; 
computer is always being eyed by people who want to break in and'cSsh thTpX. 'so "o 
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What would you do if suddenly, all the files on your computer disappeared? Worse yet, what 
if private information, such as credit card numbers, were stolen and used by a hacker? You 
owe It to yourself and your computer to hire the best security team available to protect you 
and your data from uninvited guests. It's true: your computer is an exclusive nightclub and 
your network connection is the front door. 

Sygate Personal Firewall Pro functions tike a set of burly bouncers and security 
guards, monitoring every guest that attempts to get into or out of your nightclub. 

Monitor 

When any "guesf attempts to access your network 
Your Coilipilter= connection, your computer's bouncer, Sygate® 

Personal Firewall Pro examines it carefully. 

A "guesf would be any packet of information that 
attempts to use your network connection (or modem). 
Sygate Personal Firewall Pro uses application- 
based security rules, meaning that it examines the 
application being used to send the packet. An incoming 
Exclusive Disco outgoing packet could be a legitimate application, 

such as a web browser or a media streaming device, or 
it could be a potentially hazardous program, like a virus 
or a Trojan horse, attempting to make use of other applications in order damage or steal your 
personal files and information. 

Sneaking Suspicions 

Some of the most dangerous intrusion methods use a technique known as "masquerading" in 
order to sneak past security systems. •'Masquerading" is when an intnjsive program, such as 
a Trojan horse, pretends to be a legitimate program in order to gain access to a computer or 
network. Recalling the night club analogy, imagine that an uninvited guest manages to look 
like a celebrity by donning a mask and renting a limousine for the evening. If this guest 
manages to fool security, they might gain entrance to the night club. 

This is the same strategy used by malicious intrusion programs. Once such a program 
manages to sneak past a firewall by pretending to be a safe program, it Is normally free to 
wreak havoc on your computer and computer network. 

For this reason, Sygate Personal Firewall Pro uses bi-directional scans to examine 
each guest using checksum. Checksum is an error-detection scheme that assigns a 
numerical value to a packet of data based on the amount of data in the packet. Each 
application has its own value, and Sygate Personal Firewall Pro checks each 
incoming and outgoing application for this value. Every time an application tries to access 
your network connection, either to enter or leave your computer, its checksum value must 
match its previous checksum noted by Sygate® Personal Firewall Pro If the 
values do not match, Sygate Personal Firewall Pro will notify you of the difference 
with a pop-up message (for further information on pop-up messages, see "A/Vhy Did I Get a 
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Pop-Up Message?", starting on page 20). 

Eyes in the Back of Your Head 

Sometimes, suspicious activity can arise from inside. In a night club a seedv w 
character might have slipped into a club before the security /iS^ V^is imm^^^^^ 
to. to damage the club's interior, or t.y to steal something and Z l^ui^lcT ' 

Likewise, computers can already contain harmful programs like Troian horses before a 
firewall is installed - which is w/iySygate® Personal Firewall pJl rSlL ? 
constantly on the look out for any sl%icious gues°e„ e^^T/^w;; 'f/^fe^^wSn? 
through any entrance. With bi<iirectional security. Sygate Personal Fh^tJ^tfT^ 
c^reSoi? °* ^^'"^''^ ''^ ^-P'"^'a sharp^Lyron yo:*S>mpute;s 

,r ^" make sure that 

Analyze 

this guest's appearance changed since the last visit? Does this guest have re foiam^^ 
a genu ne application or protocol? Where is this guest corS ng S? iS,a^ ^^^^^^ 
want? Is there anything suspicious about his or her activity? ^® 

Respond 

nn*IS"°".i' "^'^ °* ^ ^""""^er. a guest can be allowed in or kicked out 

Occasionally, a bouncer might ask the club's manager if the guest should te allSwedT 

tuS.T/Z^''"^l ^'"^ ^""^ ^''^"S^ « ^''""^^ process. In the case of incomino 

s^p"SL:i::.?hei^^^^^^^^^^ ^-^^^ ^"^««- - 'e^^i-tJunraS 

If the guest isn't on the list, but passes inspection, the firewall will inquire if you. the manaoer 

Si tET" '^l^T '° " 9"^^* suspicious, or has beerdenVed entraSce 
before, the firewall will immediately deny entrance. enirance 

Even if an incoming packet passes through Sygate Personal Firewall Pro i*e 
application is still carefully monitored for unusual behavtor. I an^plicL ion t ils to s'eid 
.nfom,at.on out of your compute, Sygate Personal Firewall pTo isSe. wa^^^^^^^^^^ 
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doorways, preventing the loss of valuable information. 

Report 

Sygate Personal Firewall Pro has a unique and powerful logging system that records 
traffic that attempts to use your network connection. Four separate logs track firewall 
operation, attempted attacks, network traffic, and raw packet data with details such as remote 
ports and host names, IP addresses, and attack types. These logs can be accessed at any 
time from the System Tray Icon or main console, and can be configured and consolidated for 
easy viewing and storage. 

Additionally, Sygate Personal Firewall Pro offers the option to back trace logged 
events in the Security and Traffic Logs, and provides the names and addresses of network 
administrators overseeing computers used in hacking attacks. 

Assess 

Sygate® Online Services provides six unique scans that detemnine and report possible weak 
points in your security so that you can cover them before they are discovered by a hacker (for 
details on SOS vulnerability assessment, see "Vulnerability Assessmenf , starting on page 
67). 

Sygate P e r s o n a i F i r e w a II Pro is the Best 
SolutionAround 

We know you have a variety of firewalls to choose from, and we are confident that you have 
chosen the best one available. Sygate Personal Firewall Pro is the latest and most 
powerful personal firewall from Sygate® Technologies, Inc. 

Sygate Personal Firewall Pro combines vulnerability assessment with configurable 
application-based bi-directional security to provide you with the utmost in personal computing 
security. 
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Installation 

Before installing Sygate Personal Firewall Pr« .1 

un.nstalled all previous versions of Sygate PersonaTFirrw^^^ "'"^ "^'^ 
Sygate Personal Firewall Pr^ r.r.^w 

deployment. Before beginning installa ton i?te^^^^^^^^ with user friendly 

access your network or internet connSon TNs ShS? !^ ^" P«>9rams tha\ 

Computer Environment Requirements 
Minimum System Requirements 

• Pentium 133 or equivalent 

• 32 MB RAM 

• 10 MB free disk space 

• At least one network adapter or modem 

• TCP/IP protocol installed 

• Internet Explorer Version 4.0 or later 

Operating Systems (any one or a combination of those listed 

• Windows95.95 0SR1.95 0SR2.95 0SR2.5 

• Windows 98. 98 Second Edition 

• Windows Millennium Edition (ME) 

• Windows NT 4.0 Workstation with SP5 or later 

• Windows rrr 4.0 Server with SP5 or later 

• Windows NT 4.0 Tem,inal Server with SP5 or later 
.Wrndows^ 

Supported Internet Connections 

• ^SeTSiSrSelSSn^^ — LAN. DirecPC. 

Downloading 

1. Make sure that you have completely uninstalled all previous versions of Sygate 
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Personal Firewall Pro. 

2. Click the Sygate Personal Firewall Pro download linl< on the Sygate® 

Technologies, Inc. web site (www.sygate.com). 

3. Select the download folder for the Sygate Personal Firewall Profiles. 

Beginlnstalling 

1. Fronn the specified download folder, open the executable file by clicking on the icon. You 
may have to unzip the file first. Sygate Personal Firewall Pro begins extracting files. 

2. If you see the Ovenwrite Protection message, click Yes to All. This indicates that you liad 
an earlier version of Sygate Personal Firewall Pro installed on your computer. 

3. Next, InstallShield Wizard launches and will begin installing Sygate Personal 
Firewall Pro. 

4. The InstallShield Wizard screen opens, displaying the Welcome screen. Click Next. 



5. Next, the End User License Agreement is displayed. Scroll through the Agreement and 




InstallShield Welcome Screen 
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read the terms of use for this product. Click Yes if you accept the terms. 



nstallShieldWiidrd 



I Lieera«Aore6Mril 




End User License Agreement 
6. Next, the Destination Location screen appears. Click Browse to select the precise 

I Choote DetliMlim LocaliMi ^^^""^^WM^MS 

I SdadfoUewtfimSttupMahiMaes. 




Destination Location Screen 
location for the installation of Sygate Personal Firewall Pro. Select the folder in which 
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Sygate Personal Firewall Pro will be installed by clicking on the icon so that the folder 
name is highlighted. Click OK. 

7. Click Next when the Destination Location screen reappears, displaying the correct path 
for the installation of Sygate Personal Firewall Pro. 




Select a location for Sygate® Personal Firewall^ 



8. Select the program folders in which you wish to display Sygate Personal Firewall 
program icons. You may enter a new folder name or select a name from the list. 



I InslatlShictd Wizard • ■•:■\.:■■■■y■\:.■t^'■■li■^^-^rvf2'':^i 



j Selvd Piejpan FoMei 




Select Program Folder 
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9. Click Next 

10. InstallShield Wizard completes the installation of Sygate Personal Firewall Pro. 



InstallSitield Wtmni 




Installation Completion Window 



11. You will see the System Configuration message as Sygate Persona I Firewall 
Pro completes system configuration. "-ersonai urewall 



12. The installation is completed. Select Yes and click Finish to restart 



your computer. 



InslallShield Wizard 




ImtanSlNeid Wiz«rd Cooiplete 

The IratajSHdd Wnard has uiccmtU^ hslaSed Sjnale 

younurtmiMjnuiooRVMte. ™ 



O No, I naiaiiM my computer IttM. 
^SJ^^J^**"*" "heir *Kr«. and Ihenclekr^ 




Install Completed 
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Registering Sygate® Personal Firewall Pro™ 

13. Next, the Registration window will open, prompting you to register your installation of 
Sygate Personal Firewall Pro. You have the option to register the product immediately 
or defer registration until another time by using the 30-day trial option. 

We recommend registering your installation of Sygate Personal Firewall Pro as 
soon as possible. Registering the product enables you to receive support from Sygate® 
Technologies. Inc. You can reach Sygate® Technologies Support via email at 
support@sygate.com. If you decide to register later, you can always access the 
registration form from the main console by opening the Help menu and selecting 
Register... from this list of options. 

Please note that any and all information you provide is kept confidential. Sygate® 
Technologies, Inc. does not sell or trade customer information with other companies or 
organizations. 

To complete registration, you must purchase Sygate Personal Firewall Pro from the 
Sygate® Technologies web site at http://www.sygate.com. If you have already purchased 
Sygate Personal Firewall Pro, and have the serial number and registration code 
available, you may register the product. Enter the appropriate information in the fields 
provided and click the Register Now button, or click the Try Now button to take advantage of 
the Sygate Personal Firewall Pro 30-day trial. 

Again, please make sure to include a valid email address in the appropriate field. In order to 
receive email support from Sygate® Technologies, Inc., you must property register your 
product. 



You're Secure! 



After the installation of Sygate Personal Firewall Pro. you are protected from hackers 
and other unwanted intruders immediately, without having to configure anything! Of course, 
Sygate Personal Firewall Pro comes with configurability options that beginning and 
advanced users alike can use to create security solutions customized to individual needs. But 
users should rest assured that they are safe and secure with Sygate Personal Firewall 
Pro immediately. 
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Starting with Sygate Personal 

Firewall Pro 

using a firewall Is like having a body guard Installed on your computer. 

JuVste^^nfetg^^^^^^^^^^^ on the look out for suspicious 

way In which Sygate PersonarFTewal^ Pro's ^^^^^^ '"'^"'^ connection. The 

will vary from user to user. Syga e ?ersonaf n" ° ,^ ^^^^ 
connection speed (if it does. conLlt5^Jurrr S?art^^^ effect your 

email at support ©sygate.com) ^^epartment or Sygate® Technologies support via 

is the barrage of po'p-up messXryorreS^le.t\y^ l*''"^ ^" ^'"^^ ~«ce 
uses your modem or neSwork connSn ^ ^ ^""^ ^ *° ^""^^ « that 

WhyDidlGetaPonii^M 

/ « «ei a Kop-Up Message? 

An application-related pop-up message will occur for one of three reasons- 
•An application that Sygate Personal Pir^».«ai » 

before crlhat has been'LgnXstet so^^^^^^^ 

network connection. ' access your 

•An application that normallv accessecs vn.,r 
*an9e<l,po«lblyb»!au»ol.pS?^S "* 

2^,. • Tr=l.„ ho« on ,our 

New Application Pop-up 

onai Mrewall Pro is running in the background. 
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Suddenly, the following pop-up message appears on your computer screen. 




Sygate Personal Firewall Pro Pop-up Message 



What Does This Mean? 

The information on the pop-up tells you that Microsoft Internet Explorer is trying to access 
your network connection. The site that Internet Explorer is trying to load is 
scan.sygatetech.com. which has an IP address of 207.33.111.332. The server (computer) 
that powers that site is using server port 80. Initially, that might seem like too much 
information to take in. 

D e tail 

Clicking the Detail button opens another information field that contains further details on 
the connection the application Is attempting to establish. Information such as the file 
name, version, and path are provided. Look at these items to make sure that they match 
the description of the application that you normally use. The details section should also 
indicate where the file was initiated: either local (meaning that it was opened on your 
computer) or remote (meaning that the application was initiated by an outside source). 
Additionally, the local and remote ports numbers and IP addresses should be provided. 

Why Did This Appear? 

This pop-up appeared because Microsoft Internet Explorer has been opened, either directly 
by you. indirectly by you, or by another application. 

You might have tried to open Internet Explorer. If so, either this is the first time that you have 
done so since you installed Sygate Personal Firewall Pro, or you have assigned 
Internet Explorer a status of "Ask", meaning that every time Intemet Explorer tries to access 
your network connection, Sygate Personal Firewall Pro will ask you to grant it access 
(for more information on access status, see "Viewing the Applications Lisf, starting on page 



What if you did not directly try to open Intemet Explorer? Perhaps you clicked on a link to a 
web site, or tried to open another program that might use Internet Explorer. You might have 
clicked the Test button on the Sygate Personal Firewall Pro main console (for 
information on testing your firewall, see "Vulnerability Assessmenf , starting on page 67). If 
so, your computer will try to open Intemet Explorer for you. In such a case, it is probably safe 
to click Yes and allow Intemet Explorer to access the network. 
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However, if you haven't opened any prSamrLt u^^^ T"^' °^ ^^^sons. 
message, or can't see any reason wh^?hr!n r T ^! ^PP''ca*'°" "sted on the popMjp 
connection, is always sXsUo say Th s ^0^^^^^^ '° ^^"^ "'tTr^ 

on your computer, something that needs to bL cS^lmme^^^^^^ ^ "'^j^" ^^-^^ 




Pop-up Message Application Details 
What Should I Do When I Receive a New Application Message? 

'^'oV^^'^X\^:^'^^^ Persona, Firewall 

Technologies web site at thTremo^roofs^E " ^'^"9 '° ^"^^^^s « Sygate® 

irrformation on the Internet, so S an^^^^^^^ "^^ ^ *° and ^e'ceive 

iKottrtXT^ 

If you check the box marked Remember mvim^ilr Iln iT'^' ^ 
application. Sygate PersonaTFrewa7 pT^S fiS ""^ »his 

according^ the nexttime this application tr^^traLt;™ 
S^""'-* I Select "Ye 



s 
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can select Yes. The application will then be able to access your network. You can 
change the status of the application at any time, either in the Running Applications 
field or in the Applications LJst. 

Should I Select "No"? 

However, if a pop-up message is unexpected, and you cant see any reason why the 
listed application should try to access your network connection, select. No. This will 
assign the access status of Block, so that it will be automatically blocked from your 
network connection any time it tries to gain access. You can change the status of the 
application at any time, either in the Running Applications field or in the Applications 
List. 

You should also run a virus scan to make sure that you have not inadvertently downloaded a 
virus or a Trojan horse that could infect your computer files. 



Table 1: Pop-ups and Access Status 



Click 


Check "Remember my answer..." 
box? 


Access Status 
Assigned 


Yes 


Yes 


Allow 


Yes 


No 


Ask 


No 


Yes 


Block 


No 


No 


Ask 



Changed Application Pop-up 

Occasionally, you might see a pop-up such as the one pictured below. 



Sygate Pcitona! FircwaU Pco I0/0U/2UO1 CD:03.-S2 : :r 




Changed Application Pop-up Message 



What Does This Mean? 

The application listed on the pop-up message is trying to access your network connection. 
Although Sygate Personal Firewall Pro recognizes the name of the application, 
something aix)ut the application has changed since the last time Sygate Personal 
Firewall Pro encountered it. 
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Detail 

o's.rxri^""" '""^ on «« .m^. 

Why Did This Appear? 

Wha. Shouid i Do When . Receive a Changed AppiicaUon Message? 

Trojan Horse Warning 

Hopefully, you Ml ne«r eee . pop^p 




Trojan Horse Warning 



What Does This Mean? 



This message indicates that Syqate Per«nn»i ei. .. » 

Trojar, ho,.e on your computer. ItCexptehs^ ^^^^'^^'^ ^ '"'own 

accessing your network. ^ ^ '^^^ ^^fse has been blocl<ed from 

Detail 

Zl^Z^r^X'^''' '"^«>-«o" on the app,ica«on.s 
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Why Did This Appear? 

Either you tried to open the program identified as a Trojan horse, or It has been triggered by 
another program on your computer. It is possible that the Trojan was on your computer when 
you installed Sygate Personal Firewall Pro, or that you have recently downloaded it 
through a legitimate application, such as a web browser. The Trojan tired to access your 
networl< connection, and has been blocked by Sygate Personal Firewall pro. 

What Should I Do When I Receive a Trojan Horse Warning? 

If at work, you should immediately notify your IT department, if you receive the notification on 
your home computer, you should purchase some anti*virus software. Some companies offer 
free trial versions of their anti-virus programs. 



> Copyright 2001 , Sygate Technologies, Inc. 25 



4SD0CID: <XP 2248366A_L> 



Sygate® Personal Rrewall Pro™ User Guide Version 2.0 



Getting Around Sygate Personal 

Firewall Pro 



Understanding the different components of Sygate Personal Rrewall makes it 
easy to navigate through the different screens and f unctions! 

System Tray Icons 



These arrows give you a real-time 
update of your computer's traffic flow. 
You might not see a constant icon 
appearance for more than a few 
seconds, especially If you frequently 
use the Internet or your network 
connection. 



Incoming 
Traffic 




Outgoing 
Traffic 



System Tray Icon • Two Arrows 



that £s all X nn^^^^^^ "'''^f '^^"^'"^ ''^^^ yo^^ computer) A table 

1" J^^rtinn nn n!^ c''^^" oolor Combinations and their meanings appears ii^^AoDeS^ 
l^^^tarting on page 72. For most users, It should be sufficient to ?emembeMhe foT^^^^^^^ 



Table 2: System Icon Color Coding 



1 If the color of the arrow 






...then... 1 


RED 


...traffic is being bioclced by the firewall. 


BLUE 


...traffic Is flowing uninterrupted by the firewall. 


GRAY 


...no traffic is flowing in that direction. 
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Alert Mode -Flashing System Tray Icon 



0 



You might occasionally notice that the System Tray Icon begins flashing This 
tells you that Sygate Personal Firewall is in Alert Mode. Alert Mode 
occurs when the firewall records an attempted attack on your computer. To 
view the attack infonnation. double-click on the Icon. The Security Log will 
open, displaying new log entries. 



The icon will stop flashing after you double-click it Please note that opening 
the Security Log through the main console will not cause the System Tray Icon to stoo 
flashing. * j k 

Using the System Tray Icon 

You can easily configure basto aspects of Sygate Personal Firewall Pro without even 
opening the main console. Simply by double-clicking or right-clicking on the System Tray 
Icon, you can change your security level, view Help or log files, or even disable Sygate 
Personal Firewall Pro. 

Table 3: System Tray Menu 



1 Menu Option 


What It will do for you... 


Sygate Personal Firewall 


Opens the Sygate Personal Firewall Pro main console. 


Block All, Normal, Allow 
All 


Choose one of the three security levels (for more on security lev- 
els, see -Setting Your Security Uvel", starting on page 39). 


Applications 


Opens the Applications List (for more on the Applications Ust, 
see "Applications List", starting on page 40). 


Logs 


Opens the Sygate Personal Firewall Pro Logs (for more 
on Logs, see "Logs'*, starting on page 46). 


Options... 


Opens the Options... window, for advanced security options (for 
more on the Options... window, see "Configuration Options", 
starting on page 55). 


Hide System Tray Icon 


Hides the System Tray Icon from view. 


Help 


Opens the embedded help files. 


About 


Opens the About window, providing information on your installa- 
tion of Sygate Personal Firewall Pro. 


Exit 


Disables Sygate Personal Firewall Pro (option not avail- 
able on Windows NT systems). 
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Hiding the System Tray Icon 

icon in the systeS t,By. you can hide ^eTcon fS^?vliw T^^^^^^^^ '° "'^^'"9 

System Tray Icon gives constant indication S yTr^^L^tot an^^^^^^ 

your computer. ^^'^ anack attempts against 

To Hide the System Tray Icon 

There are two ways to hide the System Tray Icon: 

Sy ICO?' *'°°" '^"ok on Hide System 

•Open the Tools menu and select Options On th*^ r«it^^.^i t l. ... 
CNC. .he box next ,„ ,e« ™. iy^i^f 

To UnHide the System Tray Icon 

There are two ways to unhide the System Tray Icon- 



Main Console 
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list of options. 



System 
Menus 

Toolbar 
Buttons 




Message 
Console 





SYGATE 










Running Appiediom : 



e Window* Setvicos 



nsarvkesandCoriraler... 5.002194.1 C\WINNTVsyitein3Z\^ervkBS.„. 

fSIl^AExecutebteandSer... 5.002)95.1620 C:\WIM«r\fyst«H32U5AS5.CXE 

{^Generic Host Process fo... 5.00.2194.1 C:\WINNnsystein3Z\svthQSt.... 

ISlSQL Server >Mndows NT 2000.080^0191... e:\MS5QLVBim\sq|servr.exe 

SStuK Scheduisr Engine 4.71 .2197.1 Ct\WiM^stetn32\instesk.exa 

iQintemetlnrarmBttanSe... S.Oa09e4 C:\WINNnsystefn32\MtsrvU... 

□SQLServtrServtCBMan... 2000.080.0194... C:\ProgrM) Flas\MIO0Sitft sd^ 

_\ 



^188/16/2001125216 SygAt8Pei$OMlFReiMQPfo4.18S7 
O9;ia/200113:5£16 Start SygataPenondrmweina. 
OanB/200113tS2:20 SifgetePenonairiawBlPlo has been daHed 



Minimize and 
Close 
buttons 



Bar graphs 
provide 
constant 
traffic flow 
updates 



Check box 
provides option 
to hide display 
of system 
services 



Running 
Applications 
Field 



Status Bar ' 



Sygate Personal Firewall Pro Main Console 



Traffic Flow Bar Graphs 

The first thing you will probably notice about the main console is the set of horizontal bar 
graphs below the toolbar. These graphs provide real-time graphical representation of the 
traffic that is flowing in and out of your computer. 

The top (green) graph represents traffic that is entering your computer from your network 
connection. 

The next (blue) graph displays the traffic that is flowing out of your computer through a 
network connection. 

The bottom (red) graph shows traffic, flowing in either direction, that is being blocked by 
Sygate Personal Firewall Pro for security reasons. 



Note Even if the main screen is not visible, Sygate Personal Firewall 
Pro is still mnning in the background , 
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Menus 



Jnk.TnH 's designed to provide instant system status information, while displaying 

«o of thJ ^"^ ^^^^"""^^ °^ Sygate Personal Firewall Pro T^e 

Too?J vfew Tnd" Help ' "^^"^ "'^ ^^^'^"^^ SecurSy UlSl! 



File 




Clicking on the RIe menu opens a pull-down list with 
two choices: Close, which closes the main console, 
and Exit Firewall, which stops the Sygate 
Personal Firewall Pro sen/ice and disables 
firewall protection. To restart the service, you will need 
to reopen the firewall from the Programs menu under 
the Start menu. 



Security 




In Sygate Personal Firewall Pro, there are 
three security levels that you can utilize: Block All 
Normal, and Allow All. Normal is the default setting 
in Sygate Personal Firewall Pro, and is the 
security level that you will probably use the most 
Block All and Allow All are used when you need to 
utilize the option either allowing or blocking aU 
packets of information entering and leaving vour 
computer. 
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Tools 



The Tools menu provides several options. Selecting 
Applications opens the Applications List, a catalog 
of all the software applications that have attempted to 
access your network, as well as the level of trust you 
have associated with them (for more information on 
the Applications List, see the section "Applications 
Lisf , starting on page 40). 



You can choose to view any of the four log files from 
the Tools menu (for information on viewing and 
understanding logs, see "Logs', starting on page 46). 

The Options selection offers features including email 
alerts, Network Neighborhood browsing rights, 
multiple NIC support, and log file configuration. See 
"Configuration Options', starting on page 55 to learn 
nrK)re about configuration features. 



The Advanced Rules option offers a configuration 
window in which you can create rules that apply to all 
applications (see ''Advanced Rule Configuration", 
starting on page 60). 

A checklist on the Tools menu provides the options 
to automatically launch Sygate Personal Firewall Pro when your computer is booted, 
use SOS vulnerability assessment (see "Vulnerability Assessmenf, starting on page 67), 
hide the System Tray Icon, or disable the firewall altogether. 



View 
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The View menu gives you the option to alter the 
display of software programs^ in the Running 
Applications field. The option Large Icons display? 
32x32 lcons2 in the field. The Small Icons option 
displays 16X16 icons. Both the large and smaSK 
deplays prov.de the full name of the applicjtfon 
^Xr^i:S: -'^^^^'--ared.pSedi^S 

The List option also provides small icon 

ST"' * - '"^ 

■me APPtotions Details option provides not only a 
""T" WBcaUons. but also useful 
of each application. wlon number and location path 

local .„d ^ IP ^ss; :rSeTp2ss^-c„?^.-»~? 



y.-rtdflywndowsJS^jj 




Hdp 




The Help menu provides a link to the embedded Help 
SvU^ *° Information oS 

fntemfkh F'^evvall and 

Internet Shanng opportunities. 



Toolbar Buttons 

T l^e buttons located ■^low.he.nen ui.e.sc^. be used toquW.» access logs. View me H.IP 

may not PP«m,OD or a system service. Most icons should be fiuniliar to you. aldiough 
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file, or access Sygate® Technologies Online Services vulnerability assessment technologies. 



Opens the Applications List for configuration of 
application-based security 



Opens Sygate Online Services 
vulnerability assessment scans site. 



/ 



Sets security 
level to Block All 




Opens Sygate Personal 
Firewall Pro logs. By default, 
Security Log is opened 



Opens SPF Pro 
Help files 



Sygate Personal Firewall Pro Toolbar Buttons 



Running Applications Field 

The Running Applications field is located directly below the traffic flow bars. It provides a 
real-time list of all applications and sen/ices that are currently accessing your networlc 
connection. 

Applications and services are typically represented by their associated icons and names. 

There are several different ways in which you can select to view the list of running 
applications and services. To change the view, open the View menu at the top of the main 
console and select the desired view. 




Right-click anywhere in the 
Running Applications field 



Alternately, you can right-clicic on any blank area 
inside the Running Applications field and select the 
desired view from the View pop-up list. 

The view choices are Large Icons, Small Icons. 
List. Application Details, and Connection Details. 
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Table 4: View 



View 


What you'll see... 1 


Large Icons 


Large application/service icons representing with the name of the 
application/service, arranged in horizontal lines 


Small Icons 


Snraller icons and the application/service names, arranged in horizontal lines 


List 


Small icons and the appiication/senrice name, arranged in a vertical list 


Application 
Details 


A vertical list of icons and application/service names, wfth version and path 
intormation ^ 


Connection 
Details 


Shows the details of each network connection made by an individual 
application or service 


Hide 

Windows 

Services 


Checking the box at the top of the Running Applications field will hide 
system services from being displayed 
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Regardless of the view you choose, the icons will display the application or service status in 
the Running Applicationis field. There are three application statuses in Sygate Personal 
Firewall Pro: AiifilK. and Bloc|<. You assign a status to an application or sen^ice 
when it attempts to access your networl< connection, and Sygate Personal Firewall 
opens a pop-up message asking if you wish to grant it access (for more information on 
application/service access, see the section titled "Applications Lisf , starting on page 40). 

I 

A small graphic is displayed over the icon in the Running Applications field lo indicate the 
status of the application or service. 



Table 5: Application Status Icons 



1 Icon 


status 


Oescription 


0 


Allow 


Icon appears normal, with no marks 




Ask 


Icon appears with a small, yellow question mark 


0 


Block 


Icon appears with a red circle and cross-out mark 



■Message Console 



The Message Console of Sygate Personal Firewall is located below the Running 
Applications field on the main console. It provides a real-time update of network 
communication, including profile downloads and service starting and stopping. 

The Message Console is. by default, hidden from view. To view the Message Ctonsole click 
the Show Message Console button below the Running Applications field on the main 
console. The Message Console will appear. 

To hide the Message Console from view, click the Hide Message Console button The 
Message Console will collapse so that only the Show Message Console button is apparent. 

Status Bar 



The Status Bar is located along the bottom of the main console, and offers real-time 
information regarding the security level that you have selected for Sygate Personal 
Firewall Pro. 



Minimize and Close Buttons 

You can hide the Sygate Personal Firewall Pro from view by clicking on the Minimize 
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and Close buttons in the upper-right hand comer of the window. 
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Security Levels 



Your security level is the main portion of your overall security policy, and 
determines the level of protection guaranteed to your computer. 



In Sygate Personal Firewall Pro, your security level determines your overall approach 
to enforcing your computer's security. When you choose a security level, you are selecting a 
security policyXhaX can be either highly flexible, extremely liberal, or iron-fisted. Going back to 
the nightclub example, after determining your overall policy and setup, your bouncers and 
security guards need to make careful security decisions based on a combination of data that 
you provide, and Information they gather from scrutinizing guests. As the owner of one of the 
most desirable party locations, you would need the control to enforce a highly complex 
security policy, with the flexibility to immediately switch policies on a moment's notice. 

There are three different security levels available with Sygate Personal Firewall Pro: 
Normal, which is a configurable security policy, Block All. which prevents any traffic from 
entering or leaving your computer, and Allow All, which allows a free flow of traffic to and 
from your computer. 

IVIost users will find that they operate under the Normal security level for the majority of their 
computing time. Once you set Normal as your security policy, you can set access statuses 
(rights) to individual applications that try to access your network. 



Note No matter what security level you are operating under, you can configure 
settings for the Normal security level. For instance, if you are downloading a file 
that requires you to use the Allow All security level, you can configure the settings 
for the Normal security level during that time. However, the changes you make to 
the settings are applicable to the Normal security level, and will only take effect 
once you switch back to the Normal security level. 



Normal 

The Normal level is referred to as a •'configurable" setting because, using the Applications 
List and Advanced Application Configuration features, you can arrange your policy within 
the Normal setting. 

Individual applications and sen/ices can be assigned separate settings under the Normal 
security level. For instance, you can blocl< some applications using certain ports during 
certain hours, while allowing other applications using specified protocols at all times. 

Think of Normal as the kind of security policy you might need for moderate evenings at your 
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nightclub: plenty of customers, highly suspicious bouncers, and a well-monitored overall 
complex. With.n the Normal level, you have infinite security policy combinations available to 

Individual applications. Iil<e individual guests, can be assigned access statuses based on 
different attnbutes. Let's say that your nightclub agenda for one evening is to let Cindy 
Crawford inside, regardless of what she is wearing or who she has brought with her. even it 
she armies on a city bus. However, you instmct the bouncers not to let any of the local 
pohticians in because, frankly, they don't tip well enough. Around 1 AM. when the club is 
getting crowded, you can instruct your bouncers to turn everyone down. You provide your 

w ♦K^?^^ ^"^^^ ^ ^'"^^ 9"®«^ ^ Instmcttons 

tor dealing with the politicians. 

You can configure similar rules and statuses for applications/services that try to get into or out 
of your computer. For instance, you can elect to allow your web browser unlimited access to 

lZl!T f '^u ""^ """'^ ^^^^ ^^y- P«>hiW» it from accessing the 
TnT? ^. ^^^^^ ^""^ ^'^^"^ ""edia streaming applications and 

2S!lT'^r^ ^''^^P^ ^ ""^^ P«^^ «'"""9 '""ch. when they are both 

a«owed. For information on access status configuration, see "Applications List", starting on 

Note Normal puts your computer in stealth mode. Stealth mode mal<es your 
computer invisible to other computers on an external network, such as the Internet 
You can use the internet or network connection, but other users on the networic' 
such as hackers roami ng the Internet, will not be able to detect your computer. ' 

Block All 

Block All is the security level you would use if you suddenly decided that no more people 
should emer your nightclub. Either Ifs getting too crowded, or maybe you are having a 
problem with a rowdy guest inside. ■ wving a 

In Sygate Personal Firewall Pro. Block All prevents any and all traffic from entering 
or leaving your computer. You should use this setting if you plan to be away from your 

still logging all traffic on your network connection. 
Allow All 

At your theoretical swanky nightclub, it is unlikely that you would relax security so much that 
anyone is allowed inside. However, there might come a time where you need to let more 
guests in. For instance, maybe traffic is slow one night, and you need more guests to liven up 
the party. You could instruct your bouncers to let everyone in. You would still be monitorinQ 

and oirofTbllg'°"' '"'"'^ ''"'"^ 
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Allow All should be used least of the three settings. Using the Allow All setting effectively 
disables Sygate Personal Firewall Pro blocking capabilities- any and all traffic 
attempting to access your network connection will be altowed, as if there is no firewall in 
place. However, even if Sygate Personal Firewall Pro is not blocking traffic, It is still 
logging all traffic that enters or leaves your systenfi. 

Disabling protection might seem like a strange type of security level. However, there are 
situations m which a firewall can dismpt the running of an application, such as an online 
game, or during rigorous downloading. 

For these situations, you can use the Allow All setting. All traffic is still logged by Sygate 
Personal Firewall Pro under the Allow All setting, so that you can track potential 
security breaches or troubleshoot your system. After you finish running the incompatible 
application, you should immediately return your status to Normal or Block All. 

You should use the Allow Ail setting very sparingly. 



Setting Your Security Level 



There are two ways to set your security level: 

•Right-click on the Sygate Personal Firewall Pro System Tray Icon 
and select the level from the list. 

•Open the Sygate Personal Firewall Pro main console. Open the 
Security menu and select the desired security level from the menu. You can 
switch to the Block All level by clicking the Block Ail button on the main 
console toolbar. 



Note You can change your security level at any time using either of the methods 
described above. 
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Applications List 



The Applications List is a list of "auests" that hau^ ♦rs^w 

conditions. 

detects rying trLesrvoufni^^^ ^^"'^'^'^^^ ^"^ ^^"^^^ that have been 
Persona F?rewar?ro TA^ ,-'°"?.'^'°" "'"''^ installation of Sygate 
provide applSs l the^utS^ '^'^ v'" 

includes Sy appllcatirTa!"^;^^^^^^ 

connection. a»owea or oenied access to your network 

Advanced status configuration settings allow you to soecift/ y^hinh r^M ,■ ■ 

use. or to schedule a time period in which Tapp ^c^tKn^ a^^^^ "^'] 

your network connection. oHM"caiion can oe allowed or denied use of 



Note Dont confuse the Applications List (which displays a list of all apolications 



What is an Access Status? 

access statuses: Allovy. Ask, or Block. connecbon. There are three main 



Copyright 2001, Sygate Technologies, Inc. 



40 



Sygate® Personal Firewall Pro^^ User Guide Version 2.0 



Opening the Applications List 

You can access the Applications List by clicking the Applications icon on the toolbar, or by 
selecting Applications under the View menu. 

Vievyring the Applicatioris List 

The Applications List shows all applications and services that have attempted to access 
your network connection since the installation of Sygate Personal Firewall Pro. The 
application/service name, version, access status, and path are provided in a simple screen. 

Like the Running Applications field, you can change the 
display view for the applications and services shown in the 
Applications List. To change the view, right-click 
anywhere in the Applications List. 



Select View from the list of options, then select the desired 
view. The different views are explained in the section 
entitled "Running Applications Field", starting on page 33. 

To select an application or service for configuration, click on 
its icon, file name, version, access status, or path. Once the 
application or service name is highlighted, you can change 
or configure its access status, or remove it from the 
Applications List. See "Advanced Application 
Configuration", starting on page 43 for information on 
security settings options. 

The buttons at the bottom of the Applications List screen provide the option to remove 
selected or all applications from the list. Once an application/servfce is removed from the 
Applications List, its access status is erased. 

Once the application/service attempts to connect to the network again, you will be notified 
through a new application pop-up, and be asked to assign a new status to the application/ 




Selecting the view for 
Applications List 
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service. 



List of applications and _ 
services tliat have attempted 
to access network connection 



Opens Advanced Configuration 
windov^ to configure extra 
security options for selected 
application/service 




Removes tfie 
selected 
application from 
the Applications 
List 



Rentoves all 



applications/ 
services fronn list 



What is an Access Status? 

An access status is a set of rules assigned to an application (or a system service) within 

?/.!«!h '"""/"r"' h(!w an application caS 

access the user s network connection/modem. It is a sort of Bill of Rights for an application 
specifying «,hat nghte to the network are given to an individual application. There are three 
application statuses in Sygate Personal Firewall Pro: AUfiM. Bsh, and filacfc 

An application with a status of AUsjk will be allowed to access network connections 
regardless of the source of the request. wonneciions, 

An application with a status of Ask requires your permission each time it attempts to access 
ne work connections. For instance, if you assign the status of AsJs to Internet Explorer, you 
will be asked to grant the application permission to utilize your network connection or modem 
every time Intemet Explorer is opened. 

An application with a status of Bloglt will be blocked frorn using your network until vou 
change its status. A blocked application cannot, under any circumstances, send data packets 
into or out of your computer. uautfjaoReis 

l°LtJ^^'^r\J^^ representations of application status in the Running 

Applications field, see "Running Applications FieW". starting on page 33). 

To Change the Status of an Application/Service in the Applications 

1. Open the Applications List by clicking on the Applications List icon, or opening the 
Tools menu and selecting Applications. ^ 

2. Click on the RIe Name of the appropriate application or service until the row is highlighted. 
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3. Using your mouse, right-click on the highlighted row. 

4. Select the appropriate status (Allow. Asfe, or Bloc|f) from the list. 

5. Click OK to close the Applications List. 

To Change the Status of an Application or Service from the Main 
Screen 

1. Right-click on the icon or application name of the application or service. 

2. A pop-up menu will open, giving the options of Allow. Ask, or Block. Select one of the 

options by clicking on it, 

3. The application icon will change to reflect the new status. . 

To Change the Status of an Application from Ask to,.. 

When an application or service with the status of Ask tries to access your network 
connection, you will see a pop-up message similar to the one below. 




• To change the status of this application to " Allow ", check the box next to the mes- 
sage Remember my answer, and do not ask me again for this application and 
click Yes. 

• To change the status of this application to " Block" , check the box next to the mes- 
sage Remember my answer, and do not ask me again for this application and 
click No. 



Advanced Application Configuration 

You can configure advanced security settings for each application on your application list by 
setting certain restrictions on which IP Addresses and ports an application can utilize. 
Advanced configuration should only be undertaken by users who have a firm grasp on 
computer ports and application protocol. 

To Set Advanced Configuration 

1- Open the Applications List by clicking on the Applications icon on the S y gate 
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2. Select the name of the application that you wish to configure advanced settings for 

3. Make sure the name of the application is highlighted. 

4. Click the Advanced button at the bottom left comer of the Applications Lis. screen 

5. The Advanced Application Configuration window opens. 



Select application 
from pull-down list 



*<i»anccdA<iplicfltion Connourallon 




Check box to allow this 
application network 
access during 
Screensaver Mode. 



_ Enter tnjsted IP 
address or address 
range for selected 
application 



Enter trusted remote 
and local ports for the 
given protocols 



Set scheduling 
either during or 
exuding specif k: 
time frames 



Advanced Application Configuration 



6_Make sure ^ ^ co.«ct app»=Mio„ l„ sete«e« In »» M.™ c App,fc«i.„ p„„^ 
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block the selected application during Screensaver Mode (for more infomiation on 
Screensaver Mode, see "Screensaver Mode", starting on page 56). 

8. Enter trusted IPs or IP ranges in the Trusted IPs for the Application text box. 

You must enter a valid IP address range. Please note that the following IP address 
ranges are Invalid: 

•0.0.0.0 

•255.255,255.255 
•127.X.X.X 

9. Enter the ports or ranges of ports that can be utilized for this application. 

10. Click OK if the application restrictions are to be in effect constantly. If you wish to set a 
time limit or schedule specific periods when the restrictions will be in effect, see ''Enable 
Scheduling" below. 

To Enable Scheduling 

You can also set times for which the advanced configurations take effect. 

1. Check the Enable Scheduling check box below the Ports section on the Advanced 
Application Configuration screen. 

2. Select either the During the period below or the Excluding the period below dial. 

3. Select a Beginning Month, Day, Hour, and Minutes from the appropriate pull-down boxes. 

4. Enter a duration in units of Days, Hours, and/or Minutes. 

5. Click OK to set restrictions. 
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Logs 

m Sygate Personal Firewall Pro, logs are like security cameras - they provide 
eyes at all different angles for comprehensive security, and offer the most 
comprehensive method of tracking attempted attacks on your computen 

Security guards usually keep detailed logs In order to have a record of each time period thev 
work. If a cnme occurs, or something is later discovered missing, the guaS^n iS. tecj at 

Sygate Personal Firewall Pro is built with an detailed logging system that tracks the 
flow of traffic on and off of your computer. There are four types of togsVsy «^ Perso^^^ 
F.rewa I Pro: Security, System, Traffic, and Packet. Each log is desig^?d to monitor aJd 
record all .nfomiation relevant to the maintenance of computer security. lSSrprovSra u^^^^^^^ 
way to look back on a day's events, to see the attacks that Sygate Pe%o3 n^wan 

computing '''' '"'"'^ '^"'^ S^aJlrlTsIlfe 

Viewing Logs 

Understanding Logs 

The four different logs provide varying sets of intormation. The Security Log records all 
attack attempts aimed at your computer that have been blocked by Sygite® Persona 
F.rewa |T«. This includes port scans, denial of service attacks, etc. TT.e sjSem L^fe I 
record of all activity surrounding Sygate Personal FIrewal Pro. such as Se Srtfno 
and stopping of the firewall services. The Traffic Log records all netwoSic such tZl 

SirLj>J°" "^^^ '^^ ^" '^"^ ^^'^'^ "^"^ « ^eco^ded in the 

Opening Sygate Personal Firewall Pro Logs 

•Wght-click the System Tray Icon. Select Logs, then choose from the list of 

defallt*^^ ''"^'^ S^"^ '09 wi'l open by 

■From the main console, open the Tools menu. Select Logs, and then 

1. ftcketUg is. by default, disabled. To enable the Packet Log. see To Cpa« Hckti Log", staning on page 59. 
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choose the tog that you wish to view. 



Exiting Logs 



•To close a log file, open the File menu and select Exit, Or, click the close 
button in the upper-right hand comer of the file window- 



Log Setup 



Sygate Personal Firewall Logs are constmcted much like a normal, real-life security 

log. The log itself is recorded on a spreadsheet. Each "event", whether it be an attempted 
attack, or the initialization of an application or service, is recorded across a single iiniB on a 
data sheet. The time and type of the event, source, severity, and other aspects are displayed 
in columns on the same line. The entire data sheet of events is called a log file. 

The table below gives an three abbreviated examples of security log events. Each event is 



Table 6: Log Example 



Time 


ID 


Security 
Level 


emote 
Host IP 


Haci< 
Type 


Traffic 
Direction 


1A}5/2001 20:23:47 


202 


Critical 


10.0.1.78 


0 


Incoming 


1/07/2001 21:05:06 


202 


Mild 


192.168.0.2 


0 


Incoming 


1/08/2001 23:08:55 


202 


Critical 


10.0.4.167 


0 


Outgoing 



recorded on one line, with all infomnation regarding the event displayed In individual columns.* 

The information recorded in each log is useful for tracking potential security risks, possible 
system problems, and network or connection issues. 



Empty Log File? 

Sometimes, when a file is opened, it appears to be empty. 

This is because the default view for log files contains only the current day's events. To view 
all events logged, open the Filter menu, and select Show All Logs from the list of options. 

If you are viewing the Packet Log, and no log entries are displayed, you need to enable to 
Packet Log. See To Capture Packet Log", starting on page 59 for more information. 
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Reading Log Files 



h!S f^f! u? "-""^ ^^""^'^ ^""^ P'^^'^®^ ^ "^^^'^"^ set of information to help you 

deal with potentia problems or trace hacking attempts. The sheer volume of infomiation 
might seem kind of daunting initially, but once you start using them, logs will be one of your 
most useful defences against intruder. ^ 



th^log? ^'^""^^ ""^""^ ""^^ organize the information presented 



m 



Icons 

indicate the 
type of 

logged event - 



Logged Events . 

Click on an 
event to select 
it 



Lx>g View Menus 

/ 



itOftVtLlncr - kytUfnloo 




Additional Data Fields * 
Example of a System Log File 



Log Icons 

The most noticeable aspect of a log file is probably the icon that appears next to the date and 
time in the first column of a log event. These icons represent different information in different 

Table 7: Security Log Icons 

P Critical p Major m Minor 
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In the Security Log, the icons represent the severity of the logged event. 

Table 8: System Log Icons 

Q Error ^ Warning 0 Info 



In the System Log the icons show issues related to the Sygate Personal Firewall 
service. 

Table 9: Traffic Log Icons 

^ Incoming Allowed ^ Outgoing Allowed ^ Direction Unknown Allowed 

0 Incoming Blocked ^ Outgoing Blocked ^ Direction Unknown Blocked 

The Traffic Log icons indicate the direction of the flow of traffic for a logged event, as well as 
If the traffic was blocked or allowed to pass through. If no icon appears, then the direction of 
the traffic is unknown. 

Table 10: Packet Log Icons 

Packet Log Event 

The Packet Log displays the same icon before every logged event The Packet Log Is, by 
default, disabled. To enable the Packet Log, see *To Capture Packet Log", starting on page 
59. 

Small Data Fields 

The Sygate Personal Firewall Log Viewer displays logged events in a large data field. 
Below the main data field are two smaller fields, called Description and Data in the System, 
Security, and Traffic Logs, which provide additional information regarding the selected event 
log. 

The Description field provides a definition of the logged event selected in the main section of 
the log viewer. For instance, a System Log entry might be described in the Description field 
as "Smc sen/ice is stopped". 

In the Packet Log, these fields are called Raw Packet Decode and Raw Packet Dump (for 
more information on the Packet Log, "The Packet Log", starting on page 54). 

Filtering Logs 
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Rite?mJn.f^i^^** Personal Firewall Pro displays log events for the present day. The 

Memately. if you wish to view the log events for a limited time span, or based on severity 
evel you can limrt your view of log events through the Filler menu If you onirwtnt to viS^ 

Xs on rsjiay °' ^^"^ ^"^"^ °" 

To Filter a Log 

1. From the open log, click on the Filter menu. 

2. Select 1 Day Logs. 3 Day Logs. 1 Week Logs. 1 Month Logs, or Show All Logs. 

To Filter a Security Log 

1. From the Log, open the Filter menu. 

2. Select 1 Day Logs, 3 Day Logs. 1 Week Logs, 1 Month Logs, or Show All Logs. 

3. To view only critical attacks, open the Filter menu, then select Severity, and make sure 
that only the level Critical has a check mari< beside it. 

To Filter a System Log 

1. From the System Log, open the Fiher menu. 

2. Select 1 Day Logs, 3 Day Logs, 1 Week Logs, 1 Month Logs, or Show All Logs. 

^''^ M T^"*^' w^®" ^^^^"^ select which level(8) of severity 

you would like to view by placing a check marie next to the level. There are three severi^ ^ 
levels for the System Log: Error. Waming. and Infonnation. severny 

Clearing Logs 

IM info^Jon r ''^^'^ ™« recommended, since 

log He information, however benign or repetitive in appearance, can help you or an 
administrator troubleshoot potential problems. you or an 

To Clear a Log File 

There are two ways to clear a log file. 
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Refreshing Logs 

If a log file remains open for an extended period of time, it will not display newly recorded 
Items. To view updated log events in a file that has been open for more than five minutes, you 
will need to refresh the log. Please note that a log file will automatically refresh each time it is 
reopened. 

To Refresh a Log File 

1. From an open Log Viewer, clicic on the View menu. 

2. Select Refresh. 

Log Viewer Columns 

Each log contains different information, labeled by different column headings. The meaning 
of the information in these columns are displayed in tables in "Appendix 2", starting on page 
73. 



Exporting Logs 

All log files can be exported to another location to save space. Saved log files can sen/e as 
valuable infomnation on the history of hacking attempts against your computer. 

To Export a Log File 

1. From the Log Viewer, open the File menu and select Export.... 

2. In the Save As window, provide a name for the saved log file. It is recommended that you 
incorporate the file type (Security, System, etc.) and the date in the name. Select a location to 
store the file. 

3» Click Save. 

Back Tracing 

One of the most powerful tools of protection is information. Sygate Personal Firewall 
provides you with the information that you need to trace hack attempts and protect your 
computer and personal infomriation from further intrusion attempts. 

Back tracing enables you to pinpoint where data from a logged event has arrived from Like 
retracing a criminaPs path at a crime scene, back tracing shows the exact steps that incoming 
traffic has made before reaching your computer and being logged by Sygate® Personal 
Flrewair^*, 

The option to backtrace a log event is available in both the Security and Traffic logs. 
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To Back Trace a Log Event 

1. In an open log file, click on an event until it is highlighted. 

2. Right-clicl< on the highlighted event A pop-up window will offer the option to Backtrace. 
?he^e5en"^*'^^*'''*"*'*°^'°""^^^^** Personal Firewall Pro will begin backtracing 



•I Pack Trace Informatio 




Sygate Personal Firewall Pro backtraces 
security log event. 

4. The Back Trace Information window opens, displaying traced information on the IP 
addresses that the log event data visited before arriving at your computer's front door. 



Trace Route field- 




one "hop" 



Back Trace Information Window 



The Trace Route field provides details on each "hop" made by the data packet that was 
ogged by Sygate Personal Firewall Pro. A "hop- is a transition point usua!JraTo,Jer 
that a packet of mfomiatfon travels through at as it makes its way from one computer to 
another on a public network, such as the Internet. ^-ompuxer to 
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Backtracing is the process of following a data packet backwards, discovering which routers 




Hacker's Computer 



Hops Hop 4 Hops Hop 2 Hopi 

routers on public network 



Your Computer 



Back tracing a Security Log entry 

the data took in order to reach your computer. In the case of a Security Log entry, you can 
trace a data packet used in an attack attempt. Each router that a data packet passes through 
has an IP address, which is provided in the backtrace Trace Route field. 

W h o I s 

Clicking the Whois button prompts Sygate Personal Firewall Pro to pull up 
detailed information on each hop logged in the Trace Route field. The information is 
displayed in a drop-down Detail Information panel. 



; Back Trace Information 



The first Hop indicates 
your router 



The last hop usually 
indicates the router of 
the data source. 



Clicking the OK button will 
close the Back Trace 
Information window. 




Trace Route 
field 



The Whols button 
provides detailed 
information on the 
owner of the IP 
address selected In 
the Trace Route field. 



Please note that the information provided in the Detail Information panel should be 
used responsibly. It is not advisable to contact persons listed in the Detail Information 
field unless you are experiencing a high number of security logs in which the attacks 
originate from one particular IP address. 
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Note You cannot use the Whois option ff you are under the Block All seouritv 
level. You must first switch to Normal or Allow All » oiock ah secunty 



The Packet Log 

The Packet Log is different from the other logs in Syqate PersonAi pi,.. .. » • 
data entering or leaving your computer. ^ recording the inadence of the 

This is significantly more infomiation than some might expect For InManro th^.i . ^ . 
opening an Internet browser causes Sygate Personal Fir'J^Ln?!? ' ® °^ 
entries in the Packet Log. A day's worth oflntemIt«!i ^'L®*'*' *° '°9 over two hundred 
number of Raw Packet L^s. ^ '^^'"^^ « "^er with a large 

For this reason, the Packet Log is disabled by default in Sygate Personal ct 
Packe, Lo, ^ sto^.", SS-Ss^TtaX ^^'^ "^l* 
Pr.M".""" "^'""^ Dump 

lenglh of tte pacik ^ ^Lt^^°"J^ <M <lB^g6«n IP «fdresses, and the 
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Configuration Options 



The Options window is one of the most powerful security features of Sygate 
Personal Firewall Pro, offering a multitude of protection strategy options. 



The Options selection of the Tools menu offers several settings for Sygate Personal 
Firewall Pro. including email notification of attacks, screen saver mode, log file 
configuration, and Networic Neighborhood options. 

To Open the Options Window 

You can open the Options... window either from the Tools menu at the top of the main 
console, or by selecting it from the System Tray Icon pop-up menu. The Options window 
consists of four tabs: General, Network Neighborhood, email Notification, and Log. 

The OK and Cancel buttons are located at the bottom of every tab in the Options window. 
The OK button applies any changes that you have made in the Options window, and then 
closes the window, eliciting the Cancel button ignores any changes you may have made in 
the Options window, and closes the window while retaining the previous settings. 

General Tab 

The General tab provides options for the basic mnning of Sygate Personal Firewall 
Pro. 

Sygate Personal Firewall Pro Service 

Checking this box automatically launches Sygate Personal Firewall Pro every time 
your computer is rebooted. This is the default setting. If you don't wish to have Sygate 
Personal Firewall Pro launch at start-up, clear this box of check marks. 

Updates 

Enabling this feature allows Sygate Personal Firewall Pro to notify you of updates to 
Sygate Personal Firewall Pro. If you do not wish to be notified, clear this box of check 
marks. 
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Screensaver Mode 

Enabling the Screensaver Mode option 
causes Sygate Personal Firewall Pro 
to switch the security level to Block All when 
your computer's Screensaver is activated. As 
soon as the computer is used again the 
security level will return to the previously 
assigned level. If you do not wish for your 
secunty level to change to Block All upon 
activation of your computer's Screensaver, 
clear this box of all check marks. 

You can allow certain applications network 
access during Screensaver Mode by 
checking the box at the top of the Advanced 
Application Configuration screen. 




Options Window - General tab 



System Tray Icon 

Checking this box will hide the Svaate P»re/^«»i c- •. « 

view Sygate Personai n^l'alf Pro wifSrbe n^Sl!^^ "^^^ 

hidden. The main console can be accessi by seS^^^ 

Personal Firewall>Sygate Personal PirlLii Tl?? "^^^'^^f »^«>9»^«nfi>Sygat« 

Icon. Clear this box of ch^marks « you wish to view the System Tray 

You can also hide or unhide the System Trav Icon fmm tha r^i-. 

of Sygate Personal Firewall PrT. °" ""^i" console 

Password Protection 

Eriabling Password Protection will protect your settings from being changed by another 
To Set a Password 

4ir""' *" ""»<»>• P".w<»,i 

2. Leave the Old Password field blank. 

^aEwiXr" "•—'"O ««■ VPe « again i„ .he C.„«™ ^ 
4. Click OK. 
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To Change an Old Password 

1 . To change your password, click the Set Password... button. The Password window 
opens. 

2. Enter your old password in the Old Password field. Enter a new password in the New 
Password field, and retype it in the Confirm New Password field. 

3. Click OK. 



NETWORK Neighborhood Tab 



The Networic Neighborhood tab provides 
multiple interface support and network browsing 
rights configuration. The Network 
Neighborhood tab is made up of three sections: 
Network Interface, Network Neighborhood 
Settings, and Description. 



The Network Interface section contains a pull- 
down box that lists ail networks that have been 
detected by Sygate Personal Firewall 
Pro. The options in the Network Neighborhood 
section apply to the network selected in the 
Network Interface pull-down box. The 
Description section offers a brief statement 
about the conditions that will be set according to 
which of the options you select from the Network 
Neighborhood section. 



Network Neighborhood Tab 



To Configure Network Neighborhood Rights 

1. Select the network from the Network Interface pull-down list. 

2. Decide if you wish to browse other computers on the network and if you wish to allow other 
users on the selected network to browse your computer. Under the Network Neighborhood 
Settings section, select the appropriate check boxes: 

•Selecting the Allow to browse Network Neighborhood files and 
printer(s) option will permit you to browse the files and printers on the 
selected networt<. 

•Selecting the Allow others to share my flies and printer(s) will allow other 
users of the selected network to browse your files and use your printer(s). 
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EMAIL Notification Tab 




The email Notification Tab provides you with 
the opt.on to automatically notify a ipecSS 



Email Notification Tab 



To Activate email Notification 



1 . First, select the frequency of notification. You have three choices 
ut,r^, '''^"'^ ^'^^'l "^^'^ option. 

add^ ^ro^rtlSi^r^'^'^ ^''"^^ P-or^ en«|, 

5. Enter a subject in the Subject field. 

6. Enter your SMTP Server Address 
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Log Tab 



The Log tab provides a central location to manage 
the logs for Sygate Personal Firewall Pro. 
The Log tab can also be reached through the Log 
Viewer, by opening the File menu and selecting 
Options.... 

Each log file is represented in a separate section in 
the Log tab. You can determine the standard log 
size for each log, as. well as specify how many 
days worth of entries are recorded in each log. 

To Set Log Size 

1. Click on the appropriate Maximum Log File 
Size field for the log you wish to configure. 

2. Enter a number. Click OK. 
To Set Log Time Period 




Log Tab 



1. Click on the appropriate Save Log File for the Past field for the log you wish to configure. 

2. Enter a number of days. Click OK. 

To Clear Log 

To clear a log from the Log File tab, simply click the Clear Logs button for the log you wish to 
clear. 

To Capture Packet Log 

1 . Click to check the box next to the Capture Packet Log option. 

2. Select a maximum file size (1024 KB is the default setting). 

3. Enter a number of days for which Sygate Personal Firewall Pro should save the log 
file entries. 

4. Click OK. 
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Advanced Rule Configuration 



Sygate Personal Firewall Pro offers usere the unique option to confiaure adv«nr^ 
rules that can override the rules automatically created by the Sewa^l durino no^ln 
ftrewall ir,teraction. You may not realize it. bui every time you SSl ir d^^? a^^ to an 
application, you are creating a rule for that application. If yo J use Advanced Co^Sf^tion^J 
specrfy application access rights (such as scheduling and port riS^^sHou aS^S^^^ 
parameters for the selected application, and thus creatig an applicErule H^evS £22 

ap^lSior ^" "^'^'^"'^^ configurations S^JJVee n'^eTret^^ 

Rules in the Advanced Rules w/indow will apply to ail aDDilcations Ari»o„o«w , ■ 

Fir?:rpV:"'"'"^^""^^ 

Creating Rules 

When you create a universal rule, first decide what effect you want the rule to have. 

Do you want to block all traffic when your Screensaver is on? Would you like to allow all traffic 
from a particular source? Do you want to block UDP packets from a web site? 
1. To begin, open the Tools menu at the top of the main console, and select Advanced 
Rules. You will most likely see the following message: « seieci Aovanced 




2. This message explains that rules in the Advanced Rules window will override anv ath^r 
automatic rules in Sygate Personal Firewall Pro. overnde any other 
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3. The Advanced Rules window will open. 




4. Once you have created mles, they will appear In this list. 

5. Click the Add button. The Advanced Rule Settings window opens. 

To create a mie. you must first specify the kind of traffic, and the conditions that must exist for 
the rule to take effect. There are four different sections within the Advanced Rule Settings 
window where you can specify the characteristics of the traffic: General, Hosts. Ports and 
Protocols, and Scheduling. You can use as many sections as necessary to specify the 
conditions and characteristics (time of day, type of traffic, port number) that will cause the rule 
to take effect, as well as the effect the mle will have. The more information and 
characteristics that you enter in the Advanced Rule Settings window, the more specific the 
rule will be. Note that each tab that contains specified information contributes to the 
functioning of a rule. 
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General Tab 

s.t':::rH^ - J « -j"^^^^^ you .„ — 




General Tab 



2. Second, decide the main action of the rule - do you want to bloH, t «• 

3. Next, choose which network intprf.. . . °' 
networic cards. seleS onS EuS down f "^^'^ « ^ave multiple 
apply the rule to ever cafd. °' ^^"^ All network interface wlS to 

• Off -This rule will be ac^^^onTi'^^ 

are satisfied. ^"^'^ """^ ^^^^n saver is off and all other conditions 

• Both On and Off - This mte is unaffected by the screensaver. 
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5. Place a check in the Record this traffic in Tacket Log* checkbox if you want traffic 

affected by this rule to be entered in the Packet Log. 

6. The Rule Summary field at the bottom of the tab provides a summary of the rule's 
functionality. Click OK to set the rule, or click on another tab to further specify mle conditions 
and properties. 

Hosts Tab 

The Hosts tab is where you can specify the source (IP address, MAC address, or Subnet 
range) of traffic that you wish to block or allow. 




Hosts Tab 



1. Select the way in which you want to identify the traffic source. You can use the All 
Addresses option if you are planning on blocking traffic from all sources for this rule. 

2. Enter the corresponding address or address range. 

3. The Rule Summary field at the bottom of the tab provides a summary of the rule's 
functionality. Click OK to set the rule, or click on another tab to further specify rule conditions 
and properties. 
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orts and Protocols Tab 

slirr a«^X~^^^ -^^^ P- and protocols. « 




Ports and Protocols Tab 



1 . Select a protocol from the top pull-down box qpiom a 1 1 » 

protocols. You can also choose TCP UD?. Sr oNP t^^ ^ " *° ^pply to all 

2. Then, select the traffic direction from the pull-down list 

aS^^^^^^^^^ P-ides a summary of the rule's 

and properties. °' °" a"°«'«^ »c» further specify mle conditions 
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Scheduling 

Scheduling is a good way to create a aile that you want to take effect only during (or 
excluding) certain time periods. For instance, if you want to block all traffic after 10 PM, then 
you can create a schedule that will permit the rule to do so. 

1. Open the Scheduling tab. Place a check in the Enable Scheduling checkbox. 



2. Decide if you want the schedule to take place during a certain time period, or outside of a 
certain time period. Select either During or Excluding. 

3. Select a month, day and beginning time from the pull-down lists, or leave the default 
settings, which will apply the rule schedule to all day, every day, all year. 

4. If you have a beginning time, enter a duration for the rule's effect. 

5. The Rule Summary field at the bottom of the tab provides a summary of the rule's 
functionality. Click OK to set the rule, or click on another tab to further specify rule conditions 
and properties. 



You can import and export advanced rules to improve your security and computing 
functionality. 




Scheduling Tab 



Importing and Exporting Rules 
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Importing a Rule 




Importing/Exporting a Rule 



2. Selej Import Rule. The Import window will open. Browse through the folders until vou 
locate the mie that you would like to import Click Open. ^ 

Exporting a Rule 

L^U'^SSXte;?^^^^^^^^^^ "^'"^ -indow. The imports 

2. Select Export Rule. The Export window will open. Browse throuqh the folders until «o.. 
determine the location to which you will export the rule. Click Saw ^ 
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Vulnerability Assessment 



Reacting to hacking attacks is only one way of approaching computer security. 

A more comprehensive approach includes not only tracking attempted or 
successful attacks, but also preempting them - and vulnerability assessment is 

the key to preventing hackers from being successful. 



SOS Scans 

Intrusion detection is, by itself, a purely reactive security method. Users and administrators 
need to be proactive in their quest to block potential intruders and protect vital information. 
One of the most important ways to know that your security policies are working is to test your 
firewall. 

Sygate® Technologies, Inc. has developed Sygate® Online Services (SOS) Security Scan, 
an online vulnerability assessment tool that can help users proactively locate weak points in 
their computer systems. This service is located at http://scan.sygate.com, and can be 
accessedthrough the Sygate Personal Firewall Pro main console. There are six main 
scanning options that can be utilized to assess possible security holes that compromise 
computer safety. 

To Access Sygate® Online Services 

1. Click the Test button located on the main console of Sygate Personal Firewall Pro, 
or select Test Your System Security from the Tools menu. 

2. The Sygate® Technologies web page (http://scan.sygatech.com) will load, and the 
Sygate® Online Services scanner will attempt to determine your IP address, operating 
system, and web browser. 

Six Different Scans 

There are six different scans available through Sygate® Online Services, listed along the left 
side of the main scan page. To view a brief description of the scan, click the name once. The 
description will load on the right side of the screen. 

To utilize a scan, click on the name of the scan and then click the Scan Now button. 

A brief document of frequently asked questions about Sygate® Online Services can also be 
accessed from the main scan page, by clicking link labeled Scan F.A.Q. at the bottom, left 
hand side of the screen. 
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TCP scan 

^^e a dangers «cu^ hi^'^';^?reiSr^^SiS^^ 

^DPscan 

;DP.ToVjS"ps"c\"r^^^^ re for open ports utilizing 
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Uninstalling Sygate® Personal 

Firewall Pro™ 



There may come a time when you need to uninstall Sygate Personal Firewall Pro 
in order to install a newer version, or to install software incompatible with 

Sygate Personal Firewall Pro. 



Although we have no idea as to why you might want to do this, there might come a time when 
you wish to uninstall Sygate Personal Firewall Pro from your computer. 

Sygate Personal Firewall Pro can be uninstalled via the standard Windows 
procedure, using the Add/Remove Programs window under Settings. However, you can 

also use the following procedure: 

1. Select St&rt>ProgranL6>Sygate Personal Firewall>Unin8tall Sygate 
Personal Firewall. 




2. The InslallShield Wizard will begin uninstallmg. 
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3. Click OK when the Confirm Hie Deletion 



screen pops up. 




4. InstallShleld Wizard will begin uninstalling Sygate Personal 



Firewall Pro. 
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5. InstallShield Wizard will complete file deletions. Select Yes and then Rnish to restart 



InstoUStuelJ Wizard 



S^t« Personal Ftewal hn bean successive uMmtakd 
BotflTo conlfiuvig, ft b tton^ recomnendcd thMjpounboot 

jfOiM oonputet. 



hTw. > wartt to restart ny conyutet nowj 
C No. Ivwa restart nyeonpUtertalei. 
RenxNO any (faks honi that ckivw« and Ihen dck Fnh lo 



your computer. 
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Appendix 1 



Table 11: System Tray Icons 



Meaning 




Incoming traffic is flowing uninterrupted; there Is no outgoing traffic."" 



Both incoming and outgoing traffic are flowing uninterrupted.' 
. nere is no incoming traffic; outgoing traffic is flowing unintemipted. 



# "^"^ blocked: outgoing traffic is flowing unintem]^ 



Incoming traffic is blocked: there is no outgoing traffic. 




There is no incoming trafffc; outgoing traffte is blocked, 



0 Incoming traffic is flowing^rrupted; outgoing traffic is blocked 
No traffic is flowing in either direction. 
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Appendix 2 



The following tables provide descriptions of the information recorded In Sygate Personal 
Firewall Pro logs. 



Table 12: System Log 


Column Heading 


What the Info Means... 1 


Time 


The date and time that the event was logged. 


Type 


The type of event - this will be either Error, Warning, or 
Information. An Error log indicates a problem with the 
source, a Warning log indicates a potential problem, and an 
Information log merely provides information on an event 
involving Sygate Personal Firewall Pro. 


ID 


The ID assigned to the event by Sygate Personal 
Firewall Pro. 
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Table 13: Security Log 



1 Column Heading 


What the Info Means... | 


Time 


The exact date and time that the event was logged. 


Security Type 


Type of hacking attempt, such as Port Scan. Denial of Sen/ice 


Severity 


wne OT mree levels - Critical, Major, and Minor. 


Count 


i^uiiiuur ui auacKs loggeQ* 


Direction 


Incoming or Outgoing - most attacks are Incoming, that is the7~ 

^ • . . , •»i^viimiy, ti im tilery 

are onginating from another computer and are attemptina to 
enter yours. Other attacks, however, like Trojan horses, are 
programs that you might download onto your computer that then 
attack from within your computer, and are consMered Outgoing 


Protocol 


The type of protocol used in the attempted attack - TCP, UDP 
ICMP. * 


Application Involved 


This column provides tlie name and path of the application 
involved in the log event. 


Remote IP 


The IP address of the attempted attack source. 


Remote Host Name 


Name of the remote computer. 


Local IP 


Your IP address. 


Begin Time 


The time that the attack attempt began. 


End Time 


The time that the attack attempt ended. 
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Table 14: Traffic Log 



Column Heading 


What the Info Means... | 


Time 


The exact date and time that the event was loggeo. 


Protocol 


Type of protocol - UDP, TCP, ICwIP. 


Direction 


Which v^ay the traffic was moving: into your computer 
(Incoming) or out of your computer (Outgoing) 


Action 


Action tal<en by Sygate Personal Firewall Pro: Blocked 
or Allowed. 


Count 


Number of events that occurred in this time period. 


Application Involved 


This column provides the name and path of the application 
involved in the security attack. 


Remote Host IP 


The IP address of the host computer. 


Remote Host Name 


Name of the host computer. 


Remote Port 


Port used by application. 


Local IP 


Your IP address. 


Local Port 


Port used on your computer for this traffic. 


Begin Time 


The beginning time of the event. 


End Time 


The time the event ended. 


Rule Name 


The rule that determined the passing or blockage of this traffic. 
If you were blocking certain applications, this column might 
read "Block.AIIMf Sygate Personal Firewall Pro is 
running at the Normal security level, this might read "Ask all 
running apps". 
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Table 15: Packet Log 



Column Heading 


What this Info Means... | 


lime 


The exact date and time that the event was loqqed 


Remote IP 


ic^gid ^^'^'^^ °* ^ ^^^^^ °^ recipient of the data being 


Remote Host Name 


The name of the host computer. 


Remote Port 


The virtual port being used for this date. 


Local IP 


Your IP address. 


Local Port 


The port being accessed for this date. 
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Log Viewer, 48 
Logs 
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logs, 46 

backtrace, 51 

clear, 50, 59 

configure, 59 
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icons, 48 

refresh, 51 

set size, 59 

show all, 47 

M 

main console, 28 
main screen, 28 
masquerading, 11 
menus, 30 

File, 30 

Help, 32 

Security, 30 

Tools, 31 

View, 31 
minimize, 35 

N 

Network Neighborhood, 57 

browsing rights, 57 
Normal, 37 
nonnal, 37 

o 

operating system, 14 
Options, 31, 55 



password 

changing, 57 
protection, 56 



setting, 56 
pop-up message, 20 

R 

register, 19 
registration, 19 
running application 

field, 33 

view, 34 
running applications 

icons, 35 



scheduling, 45 
Screensaver, 56 
security level 

Allow All, 38 

Block All, 38 

Normal, 37 

setting, 39 
setting 

security level, 39 
Status Bar, 35 
support, 20 

sygate personal firewall service, 
launch, 55 
System Tray Icon 

hide, 31, 56 

unhide, 28 

using, 27 
system tray icon, 26 

hide, 28 
SystemTray Icon 

Alert Mode, 27 



Test button, 21 
toolbar, 32 

traffic flow graphs, 29 
Trojan horse, 11, 12, 23 
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